Diff
Modified: trunk/LayoutTests/ChangeLog (264750 => 264751)
--- trunk/LayoutTests/ChangeLog 2020-07-23 08:25:12 UTC (rev 264750)
+++ trunk/LayoutTests/ChangeLog 2020-07-23 08:49:40 UTC (rev 264751)
@@ -1,3 +1,14 @@
+2020-07-23 Mark Lam <mark....@apple.com>
+
+ Fix missing exception checks below RTCPeerConnection.generateCertificate().
+ https://bugs.webkit.org/show_bug.cgi?id=214668
+ <rdar://problem/65929975>
+
+ Reviewed by Yusuke Suzuki.
+
+ * webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate-expected.txt: Added.
+ * webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate.html: Added.
+
2020-07-23 Diego Pino Garcia <dp...@igalia.com>
[GTK] Unreviewed test gardening. Update GTK baseline after r264646.
Added: trunk/LayoutTests/webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate-expected.txt (0 => 264751)
--- trunk/LayoutTests/webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate-expected.txt (rev 0)
+++ trunk/LayoutTests/webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate-expected.txt 2020-07-23 08:49:40 UTC (rev 264751)
@@ -0,0 +1,4 @@
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate.html (0 => 264751)
--- trunk/LayoutTests/webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate.html (rev 0)
+++ trunk/LayoutTests/webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate.html 2020-07-23 08:49:40 UTC (rev 264751)
@@ -0,0 +1,12 @@
+<!DOCTYPE html><!-- webkit-test-runner [ jscOptions=--validateExceptionChecks=true ] -->
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script>
+ RTCPeerConnection.generateCertificate({}).catch(() => { });
+</script>
+<script src=""
+</body>
+</html>
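Review bot: Nothing in the test file says what a failure looks like. The inline script swallows the rejection with `.catch(() => { })`, so the promise outcome is never checked and the only signal is the process aborting under `--validateExceptionChecks=true`. A one-line comment above the call would make that explicit, e.g. `// Passes if this does not crash with exception check validation enabled.` The two `<script src=""` lines show empty, unterminated `src` attributes as rendered here, which looks like an archive artifact rather than part of the change.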
Modified: trunk/Source/WebCore/ChangeLog (264750 => 264751)
--- trunk/Source/WebCore/ChangeLog 2020-07-23 08:25:12 UTC (rev 264750)
+++ trunk/Source/WebCore/ChangeLog 2020-07-23 08:49:40 UTC (rev 264751)
@@ -1,3 +1,27 @@
+2020-07-23 Mark Lam <mark....@apple.com>
+
+ Fix missing exception checks below RTCPeerConnection.generateCertificate().
+ https://bugs.webkit.org/show_bug.cgi?id=214668
+ <rdar://problem/65929975>
+
+ Reviewed by Yusuke Suzuki.
+
+ Test: webrtc/missing-exception-checks-RTCPeerConnection-generateCertificate.html
+
+ * bindings/js/JSCustomElementRegistryCustom.cpp:
+ (WebCore::JSCustomElementRegistry::whenDefined):
+ * bindings/js/JSDOMConvertUnion.h:
+ * bindings/js/JSDOMOperationReturningPromise.h:
+ (WebCore::IDLOperationReturningPromise::call):
+ (WebCore::IDLOperationReturningPromise::callReturningOwnPromise):
+ (WebCore::IDLOperationReturningPromise::callStatic):
+ (WebCore::IDLOperationReturningPromise::callStaticReturningOwnPromise):
+ * bindings/js/JSDOMPromiseDeferred.cpp:
+ (WebCore::DeferredPromise::reject):
+ (WebCore::rejectPromiseWithExceptionIfAny):
+ * bindings/js/JSDOMPromiseDeferred.h:
+ (WebCore::callPromiseFunction):
+
2020-07-22 Conrad Shultz <conrad_shu...@apple.com>
Update macOS Version macros
Modified: trunk/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp (264750 => 264751)
--- trunk/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp 2020-07-23 08:25:12 UTC (rev 264750)
+++ trunk/Source/WebCore/bindings/js/JSCustomElementRegistryCustom.cpp 2020-07-23 08:49:40 UTC (rev 264751)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -204,15 +204,17 @@
JSValue JSCustomElementRegistry::whenDefined(JSGlobalObject& lexicalGlobalObject, CallFrame& callFrame)
{
- auto scope = DECLARE_CATCH_SCOPE(lexicalGlobalObject.vm());
+ auto catchScope = DECLARE_CATCH_SCOPE(lexicalGlobalObject.vm());
ASSERT(globalObject());
auto* result = JSPromise::create(lexicalGlobalObject.vm(), lexicalGlobalObject.promiseStructure());
JSValue promise = whenDefinedPromise(lexicalGlobalObject, callFrame, *globalObject(), wrapped(), *result);
- if (UNLIKELY(scope.exception())) {
- rejectPromiseWithExceptionIfAny(lexicalGlobalObject, *globalObject(), *result);
- scope.assertNoException();
+ if (UNLIKELY(catchScope.exception())) {
+ rejectPromiseWithExceptionIfAny(lexicalGlobalObject, *globalObject(), *result, catchScope);
+ // FIXME: We could have error since any JS call can throw stack-overflow errors.
+ // https://bugs.webkit.org/show_bug.cgi?id=203402
+ RETURN_IF_EXCEPTION(catchScope, JSC::jsUndefined());
return result;
}
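Review bot: The comment above the new `RETURN_IF_EXCEPTION(catchScope, JSC::jsUndefined());` does not explain why an exception can still be pending at that point. `rejectPromiseWithExceptionIfAny()` clears the caught exception from `catchScope` before rejecting, so whatever is left was raised while rejecting `result`. I would say so in the comment, e.g. `// The helper cleared the original exception; anything still pending was thrown while rejecting the promise, so propagate it instead of returning result.` The FIXME text is also a verbatim copy of the one in `callPromiseFunction`, so the two will drift unless both refer only to the bug URL.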
@@ -219,4 +221,4 @@
return promise;
}
-}
+} // namespace WebCore
Modified: trunk/Source/WebCore/bindings/js/JSDOMConvertUnion.h (264750 => 264751)
--- trunk/Source/WebCore/bindings/js/JSDOMConvertUnion.h 2020-07-23 08:25:12 UTC (rev 264750)
+++ trunk/Source/WebCore/bindings/js/JSDOMConvertUnion.h 2020-07-23 08:49:40 UTC (rev 264751)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -172,7 +172,7 @@
constexpr bool hasNullType = brigand::any<TypeList, std::is_same<IDLNull, brigand::_1>>::value;
if (hasNullType) {
if (value.isUndefinedOrNull())
- return ConditionalConverter<ReturnType, IDLNull, hasNullType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, IDLNull, hasNullType>::convert(lexicalGlobalObject, value).value()));
}
// 2. Let types be the flattened member types of the union type.
@@ -182,7 +182,7 @@
if (hasDictionaryType) {
if (value.isUndefinedOrNull()) {
// 1. If types includes a dictionary type, then return the result of converting V to that dictionary type.
- return ConditionalConverter<ReturnType, DictionaryType, hasDictionaryType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, DictionaryType, hasDictionaryType>::convert(lexicalGlobalObject, value).value()));
}
}
@@ -231,7 +231,7 @@
if (arrayBuffer) {
if (hasArrayBufferType)
return ConditionalReturner<ReturnType, hasArrayBufferType>::get(WTFMove(arrayBuffer)).value();
- return ConditionalConverter<ReturnType, ObjectType, hasObjectType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, ObjectType, hasObjectType>::convert(lexicalGlobalObject, value).value()));
}
}
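Review bot: The `ConditionalReturner<...>::get(WTFMove(arrayBuffer)).value()` return just above the changed line stays a plain `return`, while the converter return next to it now goes through `RELEASE_AND_RETURN(scope, ...)`. The same split appears in the hunks at -241 and -254 for `arrayBufferView` and `dataView`. That is presumably intentional, since `get()` takes no global object and so should not be able to throw, but the asymmetry reads like an oversight. A short comment on the first of them would settle it, e.g. `// ConditionalReturner::get() does not run JS and cannot throw, so scope is not released here.` The enclosing conversion function starts and ends outside these hunks.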
@@ -241,7 +241,7 @@
if (arrayBufferView) {
if (hasArrayBufferViewType)
return ConditionalReturner<ReturnType, hasArrayBufferViewType>::get(WTFMove(arrayBufferView)).value();
- return ConditionalConverter<ReturnType, ObjectType, hasObjectType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, ObjectType, hasObjectType>::convert(lexicalGlobalObject, value).value()));
}
}
@@ -254,7 +254,7 @@
if (dataView) {
if (hasDataViewType)
return ConditionalReturner<ReturnType, hasDataViewType>::get(WTFMove(dataView)).value();
- return ConditionalConverter<ReturnType, ObjectType, hasObjectType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, ObjectType, hasObjectType>::convert(lexicalGlobalObject, value).value()));
}
}
@@ -307,7 +307,7 @@
auto method = JSC::iteratorMethod(&lexicalGlobalObject, object);
RETURN_IF_EXCEPTION(scope, ReturnType());
if (!method.isUndefined())
- return ConditionalSequenceConverter<ReturnType, SequenceType, hasSequenceType>::convert(lexicalGlobalObject, object, method).value();
+ RELEASE_AND_RETURN(scope, (ConditionalSequenceConverter<ReturnType, SequenceType, hasSequenceType>::convert(lexicalGlobalObject, object, method).value()));
}
// 2. If types includes a frozen array type, then:
@@ -320,17 +320,17 @@
auto method = JSC::iteratorMethod(&lexicalGlobalObject, object);
RETURN_IF_EXCEPTION(scope, ReturnType());
if (!method.isUndefined())
- return ConditionalSequenceConverter<ReturnType, FrozenArrayType, hasFrozenArrayType>::convert(lexicalGlobalObject, object, method).value();
+ RELEASE_AND_RETURN(scope, (ConditionalSequenceConverter<ReturnType, FrozenArrayType, hasFrozenArrayType>::convert(lexicalGlobalObject, object, method).value()));
}
// 3. If types includes a dictionary type, then return the result of
// converting V to that dictionary type.
if (hasDictionaryType)
- return ConditionalConverter<ReturnType, DictionaryType, hasDictionaryType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, DictionaryType, hasDictionaryType>::convert(lexicalGlobalObject, value).value()));
// 4. If types includes a record type, then return the result of converting V to that record type.
if (hasRecordType)
- return ConditionalConverter<ReturnType, RecordType, hasRecordType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, RecordType, hasRecordType>::convert(lexicalGlobalObject, value).value()));
// 5. If types includes a callback interface type, then return the result of converting V to that interface type.
// (FIXME: Add support for callback interface type and step 12.5)
@@ -337,7 +337,7 @@
// 6. If types includes object, then return the IDL value that is a reference to the object V.
if (hasObjectType)
- return ConditionalConverter<ReturnType, ObjectType, hasObjectType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, ObjectType, hasObjectType>::convert(lexicalGlobalObject, value).value()));
}
}
}
@@ -347,7 +347,7 @@
constexpr bool hasBooleanType = brigand::any<TypeList, std::is_same<IDLBoolean, brigand::_1>>::value;
if (hasBooleanType) {
if (value.isBoolean())
- return ConditionalConverter<ReturnType, IDLBoolean, hasBooleanType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, IDLBoolean, hasBooleanType>::convert(lexicalGlobalObject, value).value()));
}
// 13. If V is a Number value, then:
@@ -355,21 +355,21 @@
constexpr bool hasNumericType = brigand::size<NumericTypeList>::value != 0;
if (hasNumericType) {
if (value.isNumber())
- return ConditionalConverter<ReturnType, NumericType, hasNumericType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, NumericType, hasNumericType>::convert(lexicalGlobalObject, value).value()));
}
// 14. If types includes a string type, then return the result of converting V to that type.
constexpr bool hasStringType = brigand::size<StringTypeList>::value != 0;
if (hasStringType)
- return ConditionalConverter<ReturnType, StringType, hasStringType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, StringType, hasStringType>::convert(lexicalGlobalObject, value).value()));
// 15. If types includes a numeric type, then return the result of converting V to that numeric type.
if (hasNumericType)
- return ConditionalConverter<ReturnType, NumericType, hasNumericType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, NumericType, hasNumericType>::convert(lexicalGlobalObject, value).value()));
// 16. If types includes a boolean, then return the result of converting V to boolean.
if (hasBooleanType)
- return ConditionalConverter<ReturnType, IDLBoolean, hasBooleanType>::convert(lexicalGlobalObject, value).value();
+ RELEASE_AND_RETURN(scope, (ConditionalConverter<ReturnType, IDLBoolean, hasBooleanType>::convert(lexicalGlobalObject, value).value()));
// 17. Throw a TypeError.
throwTypeError(&lexicalGlobalObject, scope);
Modified: trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h (264750 => 264751)
--- trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h 2020-07-23 08:25:12 UTC (rev 264750)
+++ trunk/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h 2020-07-23 08:49:40 UTC (rev 264751)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 1999-2001 Harri Porten (por...@kde.org)
- * Copyright (C) 2003-2006, 2008-2009, 2013, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2020 Apple Inc. All rights reserved.
* Copyright (C) 2007 Samuel Weinig <s...@webkit.org>
* Copyright (C) 2009 Google, Inc. All rights reserved.
* Copyright (C) 2012 Ericsson AB. All rights reserved.
@@ -49,7 +49,7 @@
ASSERT_GC_OBJECT_INHERITS(thisObject, JSClass::info());
// FIXME: We should refactor the binding generated code to use references for lexicalGlobalObject and thisObject.
- return operation(&lexicalGlobalObject, &callFrame, thisObject, WTFMove(promise), throwScope);
+ RELEASE_AND_RETURN(throwScope, operation(&lexicalGlobalObject, &callFrame, thisObject, WTFMove(promise), throwScope));
}));
}
@@ -68,7 +68,7 @@
ASSERT_GC_OBJECT_INHERITS(thisObject, JSClass::info());
// FIXME: We should refactor the binding generated code to use references for lexicalGlobalObject and thisObject.
- return operation(&lexicalGlobalObject, &callFrame, thisObject, throwScope);
+ RELEASE_AND_RETURN(throwScope, operation(&lexicalGlobalObject, &callFrame, thisObject, throwScope));
}
template<StaticOperation operation, CastedThisErrorBehavior shouldThrow = CastedThisErrorBehavior::RejectPromise>
@@ -78,7 +78,7 @@
auto throwScope = DECLARE_THROW_SCOPE(JSC::getVM(&lexicalGlobalObject));
// FIXME: We should refactor the binding generated code to use references for lexicalGlobalObject.
- return operation(&lexicalGlobalObject, &callFrame, WTFMove(promise), throwScope);
+ RELEASE_AND_RETURN(throwScope, operation(&lexicalGlobalObject, &callFrame, WTFMove(promise), throwScope));
}));
}
@@ -90,7 +90,7 @@
auto throwScope = DECLARE_THROW_SCOPE(JSC::getVM(&lexicalGlobalObject));
// FIXME: We should refactor the binding generated code to use references for lexicalGlobalObject.
- return operation(&lexicalGlobalObject, &callFrame, throwScope);
+ RELEASE_AND_RETURN(throwScope, operation(&lexicalGlobalObject, &callFrame, throwScope));
}
};
Modified: trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp (264750 => 264751)
--- trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp 2020-07-23 08:25:12 UTC (rev 264750)
+++ trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp 2020-07-23 08:49:40 UTC (rev 264751)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -150,6 +150,7 @@
}
reject(lexicalGlobalObject, error, rejectAsHandled);
+ EXCEPTION_ASSERT(!scope.exception() || isTerminatedExecutionException(lexicalGlobalObject.vm(), scope.exception()));
}
void DeferredPromise::reject(ExceptionCode ec, const String& message, RejectAsHandled rejectAsHandled)
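Review bot: The new `EXCEPTION_ASSERT` allows only a terminated-execution exception to be pending after `reject(lexicalGlobalObject, error, rejectAsHandled)`. The FIXME comments next to the `rejectPromiseWithExceptionIfAny()` calls in this same commit say a stack-overflow error can surface from any JS call. If the FIXME is right this assertion can fire, and if the assertion is right the FIXME wording is stale. A comment stating the intended invariant would help, e.g. `// reject() must not leave a catchable exception pending; only termination may propagate.` `scope` is declared outside the hunk, so its kind cannot be confirmed from here.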
@@ -197,16 +198,14 @@
reject(*lexicalGlobalObject, JSC::Symbol::create(lexicalGlobalObject->vm(), privateName.uid()), rejectAsHandled);
}
-void rejectPromiseWithExceptionIfAny(JSC::JSGlobalObject& lexicalGlobalObject, JSDOMGlobalObject& globalObject, JSPromise& promise)
+void rejectPromiseWithExceptionIfAny(JSC::JSGlobalObject& lexicalGlobalObject, JSDOMGlobalObject& globalObject, JSPromise& promise, JSC::CatchScope& catchScope)
{
- VM& vm = lexicalGlobalObject.vm();
- auto scope = DECLARE_CATCH_SCOPE(vm);
-
- if (LIKELY(!scope.exception()))
+ UNUSED_PARAM(lexicalGlobalObject);
+ if (LIKELY(!catchScope.exception()))
return;
- JSValue error = scope.exception()->value();
- scope.clearException();
+ JSValue error = catchScope.exception()->value();
+ catchScope.clearException();
DeferredPromise::create(globalObject, promise)->reject<IDLAny>(error);
}
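Review bot: `lexicalGlobalObject` is now dead in `rejectPromiseWithExceptionIfAny()` and is kept only by `UNUSED_PARAM(lexicalGlobalObject);`. The signature changes in this commit anyway and the three callers visible in the diff are all updated, so the parameter could be dropped rather than silenced. The function is `WEBCORE_EXPORT`, so callers outside this diff would need checking first. The function also now depends on the caller passing its own active scope, which deserves a line such as `// catchScope must be the caller's CatchScope; its exception is cleared here and a new one may be pending on return.`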
Modified: trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.h (264750 => 264751)
--- trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.h 2020-07-23 08:25:12 UTC (rev 264750)
+++ trunk/Source/WebCore/bindings/js/JSDOMPromiseDeferred.h 2020-07-23 08:49:40 UTC (rev 264751)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -289,7 +289,7 @@
void fulfillPromiseWithJSON(Ref<DeferredPromise>&&, const String&);
void fulfillPromiseWithArrayBuffer(Ref<DeferredPromise>&&, ArrayBuffer*);
void fulfillPromiseWithArrayBuffer(Ref<DeferredPromise>&&, const void*, size_t);
-WEBCORE_EXPORT void rejectPromiseWithExceptionIfAny(JSC::JSGlobalObject&, JSDOMGlobalObject&, JSC::JSPromise&);
+WEBCORE_EXPORT void rejectPromiseWithExceptionIfAny(JSC::JSGlobalObject&, JSDOMGlobalObject&, JSC::JSPromise&, JSC::CatchScope&);
enum class RejectedPromiseWithTypeErrorCause { NativeGetter, InvalidThis };
JSC::EncodedJSValue createRejectedPromiseWithTypeError(JSC::JSGlobalObject&, const String&, RejectedPromiseWithTypeErrorCause);
@@ -300,7 +300,7 @@
inline JSC::JSValue callPromiseFunction(JSC::JSGlobalObject& lexicalGlobalObject, JSC::CallFrame& callFrame)
{
JSC::VM& vm = JSC::getVM(&lexicalGlobalObject);
- auto scope = DECLARE_CATCH_SCOPE(vm);
+ auto catchScope = DECLARE_CATCH_SCOPE(vm);
auto& globalObject = callerGlobalObject(lexicalGlobalObject, callFrame);
auto* promise = JSC::JSPromise::create(vm, globalObject.promiseStructure());
@@ -308,10 +308,10 @@
promiseFunction(lexicalGlobalObject, callFrame, DeferredPromise::create(globalObject, *promise));
- rejectPromiseWithExceptionIfAny(lexicalGlobalObject, globalObject, *promise);
+ rejectPromiseWithExceptionIfAny(lexicalGlobalObject, globalObject, *promise, catchScope);
// FIXME: We could have error since any JS call can throw stack-overflow errors.
// https://bugs.webkit.org/show_bug.cgi?id=203402
- RETURN_IF_EXCEPTION(scope, JSC::jsUndefined());
+ RETURN_IF_EXCEPTION(catchScope, JSC::jsUndefined());
return promise;
}
@@ -319,7 +319,7 @@
inline JSC::JSValue callPromiseFunction(JSC::JSGlobalObject& lexicalGlobalObject, JSC::CallFrame& callFrame, PromiseFunctor functor)
{
JSC::VM& vm = JSC::getVM(&lexicalGlobalObject);
- auto scope = DECLARE_CATCH_SCOPE(vm);
+ auto catchScope = DECLARE_CATCH_SCOPE(vm);
auto& globalObject = callerGlobalObject(lexicalGlobalObject, callFrame);
auto* promise = JSC::JSPromise::create(vm, globalObject.promiseStructure());
@@ -327,10 +327,10 @@
functor(lexicalGlobalObject, callFrame, DeferredPromise::create(globalObject, *promise));
- rejectPromiseWithExceptionIfAny(lexicalGlobalObject, globalObject, *promise);
+ rejectPromiseWithExceptionIfAny(lexicalGlobalObject, globalObject, *promise, catchScope);
// FIXME: We could have error since any JS call can throw stack-overflow errors.
// https://bugs.webkit.org/show_bug.cgi?id=203402
- RETURN_IF_EXCEPTION(scope, JSC::jsUndefined());
+ RETURN_IF_EXCEPTION(catchScope, JSC::jsUndefined());
return promise;
}